OpenSSL
OpenSSL是 SSL 和 TLS 協議的開源實現,旨在儘可能靈活。OpenSSL 支持各種平台,包括 BSD、Linux、OpenVMS、Solaris 和 Windows。
安裝[編輯 | 編輯原始碼]
Arch Linux 默認安裝 openssl包(作為 coreutils包 的依賴)。
有許多 OpenSSL 庫綁定可供開發者使用:
- python-pyopenssl包
- perl-net-ssleay包
- lua-sec包、lua52-sec包 和 lua51-sec包
- haskell-hsopenssl包
- haskell-openssl-streams包
配置[編輯 | 編輯原始碼]
在 Arch Linux 中 OPENSSLDIR
為 /etc/ssl
。
OpenSSL 配置文件通常位於 /etc/ssl/openssl.cnf
,乍一看可能很複雜。注意在賦值中可以展開變量,這與 Shell 腳本的工作方式很相似。配置文件格式的詳細解釋,請見 config(5ssl)。
req 部分[編輯 | 編輯原始碼]
與生成密鑰、請求和自簽名證書有關的設置。
The req section is responsible for the DN prompts. A general misconception is the Common Name (CN) prompt, which suggests that it should have the user's proper name as a value. End-user certificates need to have the machine hostname as CN, whereas CA should not have a valid TLD, so that there is no chance that, between the possible combinations of certified end-users' CN and the CA certificate's, there is a match that could be misinterpreted by some software as meaning that the end-user certificate is self-signed. 某些 CA 證書甚至沒有 CN,例如 Equifax:
$ openssl x509 -subject -noout < /etc/ssl/certs/Equifax_Secure_CA.pem
subject= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
用法[編輯 | 編輯原始碼]
請先閱讀 Transport Layer Security#Obtaining a certificate。
生成 Curve25519 私鑰[編輯 | 編輯原始碼]
$ openssl genpkey -algorithm x25519 -out 文件名
生成 ECDSA 私鑰[編輯 | 編輯原始碼]
$ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out 文件名
生成 RSA 私鑰[編輯 | 編輯原始碼]
使用(根據 openssl(1ssl),代替 genrsa 的)genpkey(1ssl):
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:私钥大小 -out 文件名
如果需要加密密鑰,使用 -aes-256-cbc
選項。
生成證書籤名請求[編輯 | 編輯原始碼]
使用 req(1ssl):
$ openssl req -new -sha256 -key 私钥 -out 文件名
顯示證書籤名請求[編輯 | 編輯原始碼]
證書籤名請求以編碼形式存儲。要以人類可讀的形式查看請求:
$ openssl req -noout -text -in 文件名
生成自簽名證書[編輯 | 編輯原始碼]
$ openssl req -key private_key -x509 -new -days days -out filename
Generate a self-signed certificate with private key in a single command[編輯 | 編輯原始碼]
You can combine the above command in OpenSSL into a single command which might be convenient in some cases:
$ openssl req -x509 -newkey rsa:4096 -days days -keyout key_filename -out cert_filename
Generate Diffie–Hellman parameters[編輯 | 編輯原始碼]
See Diffie–Hellman key exchange for more information.
Current best practice is to use one of the standard DH groups from RFC:7919, eg. ffdhe2048.
Alternatively you can generate a random group of your own:
$ openssl dhparam -out filename 2048
-dsaparam
option [1].顯示證書信息[編輯 | 編輯原始碼]
$ openssl x509 -text -in 证书文件名
顯示證書指紋[編輯 | 編輯原始碼]
$ openssl x509 -noout -in 证书文件名 -fingerprint -digest
-digest
is optional and one of -md5
, -sha1
, -sha256
, or -sha512
. See "-digest" in x509(1ssl) § Input, Output, and General Purpose Options for when the digest is unspecified.
轉換證書格式[編輯 | 編輯原始碼]
Use openssl x509
to convert certificates from binary (DER) format to PEM format (the text format with BEGIN CERTIFICATE
headers):
$ openssl x509 -inform DER < myCA.crt > myCA_pem.crt
Use third-party providers[編輯 | 編輯原始碼]
OpenSSL 3 introduced providers as a new concept for OpenSSL plugability. It is possible to use algorithms not included in OpenSSL without having to recompile it. For example, to test the NIST Post-Quantum Cryptography algorithms, you can install the Open Quantum Safe provider oqsproviderAUR. As an example, you can generate a quantum-safe self-signed certificate with private key using one of the variants of the Dilithium signature algorithm:
$ openssl req -provider oqsprovider -x509 -newkey dilithium3 -days days -keyout key -out cert
Troubleshooting[編輯 | 編輯原始碼]
"bad decrypt" while decrypting[編輯 | 編輯原始碼]
OpenSSL 1.1.0 changed the default digest algorithm for the dgst and enc commands from MD5 to SHA256. [2]
Therefore if a file has been encrypted using OpenSSL 1.0.2 or older, trying to decrypt it with an up to date version may result in an error like:
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:540
Supplying the -md md5
option should solve the issue:
$ openssl enc -d -md md5 -in encrypted -out decrypted
Python 3.10 and "ca md too weak" errors[編輯 | 編輯原始碼]
In Python 3.10 by default there is a hardcoded list of allowed OpenSSL ciphers. Some of the less secure, like MD5, have been disabled at the ssl
module level, ignoring the system-wide configuration of OpenSSL. It results sometimes in strange errors on older certificates, sometimes even when establishing https
connections, like:
requests.exceptions.SSLError: HTTPSConnectionPool(host='a.kind.of.example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(398, '[SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3862)')))
To make Python follow the system configuration, you may have to rebuild it, adding --with-ssl-default-suites=openssl
parameter to ./configure
. The issue has been also reported as FS#73549.
See also[編輯 | 編輯原始碼]
- 維基百科的 OpenSSL 頁面,包含背景信息。
- OpenSSL 項目頁面。
- FreeBSD Handbook
- Step-by-step guide to create a signed SSL certificate
- OpenSSL Certificate Authority: A guide demonstrating how to act as your own certificate authority.
- Bulletproof SSL and TLS by Ivan Ristić, a more formal introduction to SSL/TLS